Re: systemctl restart sddm
On Friday, July 27, 2018 7:19:05 PM CEST Lisandro Damián Nicanor Pérez Meyer
wrote:
> El miércoles, 25 de julio de 2018 11:48:55 -03 Andy G Wood escribió:
> > On Wednesday, 25 July 2018 15:01:37 BST inkbottle wrote:
> > [...]
> >
> > > Also, introducing Haveged could lead to sensitive application using
> > > "questionable" entropy.
> > >
> > > <quote>
> > > HAVEGE is a random number generator that exploits the modifications of
> > > the
> > > internal CPU hardware states (caches, branch predictors, TLBs) as a
> > > source
> > > of uncertainty. During an initialization phase, the hardware clock cycle
> > > counter of the processor is used to gather part of this entropy: tens of
> > > thousands of unpredictable bits can be gathered per operating system
> > > call
> > > in average.
> > >
> > > https://security.stackexchange.com/questions/34523/is-it-appropriate-to-> > > us
> > > e-> haveged-as-a-source-of-entropy-on-virtual-machines </quote>
> > >
> > > That seems sound to me... But some security issues that have been found
> > > lately seem also so terribly remote.
> >
> > But for completeness also review the haveged FAQ [1].
> >
> > Andy.
> >
> > [1] http://www.issihosts.com/haveged/faq.html
>
> And another option is rng-tools.
I have, kind of, reviewed the two options, and I would have a slight
preference for rng-tools, mostly because in my mind it would be easier to
identify the culprit in case something is going wrong: "yet another cpu-
manufacturer-name scandal, flawed cpu lead to shuttle landing on Saturn
instead of Mars".
Instead of Mr Smith virtual machine poorly configured... more information
needed.
However, Haveged would work on any machine, whatever new or old it is, when
rng-tools would require quite recent cpu.
I haven't tested yet if rng-tools would work out of the box, meaning just
installing the package would make sddm start more quickly; also there are two
packages of that name: rng-tools "unofficial" and rng-tools5.
I think if it works the two packaged could be put in alternative recommends
dependency, with haveged being the default choice.
Reply to: